Rapid7 Vulnerability & Exploit Database

Drupal: CVE-2018-7600: Remote Code Execution - SA-CORE-2018-002

Drupal: CVE-2018-7600: Remote Code Execution - SA-CORE-2018-002

Severity

8

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

03/29/2018

Created

07/25/2018

Added

03/29/2018

Modified

04/02/2019

Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.